TMCnet FEATURE

It is Time to Harden Enterprise Privilege Management

If more businesses were in the habit of using good role-based privilege management, there would be far fewer movie and TV plots built around hacking into corporate or government networks for sensitive information and espionage.

Mission Impossible films would have a much harder time if network access were restricted to a particular user at a particular time of day, for instance, and if access were granted only when the system had assurance that there was an audit trail that could prove the user’s identity and monitor what was done within the system.

Indeed, smart shows are already incorporating role-based privilege management into their plots, highlighting that the days of unauthorized network access are starting to come to a close.

For instance, in a recent episode of the popular television show The Good Wife, the main character of the series tried to steal client information before starting a rival firm. She was caught, however, because another partner was able to see that she was accessing client files at an inappropriate time.

The previous generation of privilege management is no longer sufficient now that network and application access is an acute vulnerability that can increasingly hurt a business. Shared admin accounts and blanket access are frankly insecure.

What business systems need in 2014, if they don’t already have it, is a robust role-based privilege management system that delivers least privilege access and a clear audit trail.

What that means is that each user should have a unique user account and access only to the applications, networks, desktops and services that he or she needs for the job. This level of granularity is essential from a security perspective, not just a nice feature.

Further, businesses need to ensure that their computing systems have a pathway for upgrading privileges as needed. For instance, a particular employee may need to start or stop an SQL database process. But at the same time, this employee does not need blanket access to all databases or even all database processes. There needs to be a pathway that lets this employee upgrade access privileges just when needed.

An audit trail also is becoming essential for proper security and authorization. There needs to be a pathway to not only set up appropriate rights to every element of an enterprise computing system, but also make sure that no breaches or inappropriate activities are taking place.

As a recent Centrify video demonstrates, a good role-based system will be able to hold back access until it can verify that auditing is taking place. If the audit system is not functioning, access will not be granted.
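The sketch below is an added example, not code from Centrify or from this article. It combines the three controls described above: a role that grants only specific commands, a time-of-day window, and a decision that fails closed when the audit record cannot be written. The user `jdoe`, the role name, the `db-service` commands and the `AuditSink` class are hypothetical, constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, time

@dataclass(frozen=True)
class Role:
    name: str
    commands: frozenset   # exact commands granted, nothing broader
    start: time           # start of permitted window
    end: time             # end of permitted window

class AuditSink:
    """Constructed stand-in for an audit service; `healthy` simulates an outage."""
    def __init__(self, healthy=True):
        self.healthy = healthy
        self.records = []

    def write(self, record):
        if not self.healthy:
            raise OSError("audit service unavailable")
        self.records.append(record)

# Constructed sample policy: one operator who may only start/stop the database.
SQL_OPERATOR = Role("sql-operator",
                    frozenset({"db-service start", "db-service stop"}),
                    time(8, 0), time(18, 0))
ASSIGNMENTS = {"jdoe": [SQL_OPERATOR]}

def authorize(user, command, now, assignments, audit):
    """Return (allowed, reason); deny if the decision cannot be audited."""
    granting = [r for r in assignments.get(user, ()) if command in r.commands]
    if not granting:
        allowed, reason = False, "no role grants this command"
    elif not any(r.start <= now.time() <= r.end for r in granting):
        allowed, reason = False, "outside permitted hours"
    else:
        allowed, reason = True, "granted"
    try:
        # Record denials too: the audit trail must show attempts, not just grants.
        audit.write({"user": user, "command": command,
                     "time": now.isoformat(), "allowed": allowed, "reason": reason})
    except OSError:
        return False, "audit trail unavailable"   # fail closed
    return allowed, reason

if __name__ == "__main__":
    sink = AuditSink()
    print(authorize("jdoe", "db-service stop", datetime(2014, 1, 15, 10, 0), ASSIGNMENTS, sink))
    print(authorize("jdoe", "db-service stop", datetime(2014, 1, 15, 23, 30), ASSIGNMENTS, sink))
    print(authorize("jdoe", "db-service stop", datetime(2014, 1, 15, 10, 0), ASSIGNMENTS, AuditSink(healthy=False)))
```

Writing the audit record before returning the decision is what makes the gate fail closed: an in-hours, in-role request is still refused if the record cannot be stored.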